CVE-2024-53221

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue occurs when concurrently installing the f2fs.ko module and mounting the f2fs file system, resulting in a null-ptr-deref in the f2fs submit page bio() function. This happens because the biset of the f2fs file system is not initialized before registering f2fs fs type. The problem can be addressed by registering f2fs fs type at the end of init f2fs fs() and ensuring that all f2fs file system resources are initialized.

Recommendations To resolve the issue, register f2fs fs type at the last in init f2fs fs(). Ensure that all f2fs file system resources are initialized. As a temporary workaround, consider disabling the f2fs submit page bio() function until a patch is available. Restrict access to the vulnerable f2fs module to minimize the risk of exploitation. Avoid using the f2fs.ko module in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.